A SYSTEM AND METHOD FOR SECURELY TRANSFERRING PLAINDATA FROM A FIRST LOCATION TO A SECOND LOCATION

DESCRIPTION

Technical Field

The present invention relates to data transfer via a data transport network (the Network), such as a TCP/IP network. The TCP/IP network may be SMTP (Simple Mail Transport Protocol), HTTP (Hypertext Transport Protocol), FTP (File Transfer Protocol), direct IP socket connections, or the like. The present invention relates more particularly to a system and method which provides authentication, non-repudiation, message integrity, confidentiality, and time/date stamping of such data transfer.
Background Prior Art

As electronic commerce, or the transfer of business data such as invoices, via the internet becomes more prevalent, concerns for authentication, non-repudiation, message integrity, confidentiality, and time/date stamping of the data become critical. For example, with electronic commerce, there is no paper trail of the transaction.

The present invention is provided to solve this and other problems.

Summary of the Invention

It is an object of the invention to provide a system for securely transferring a message comprising plaindata from a first location to a second location via a network, such as an SMTP capable transport over a TCP/IP network.

In accordance with the invention, the system comprises a first client station at the first location, a second client station at the second location, and a clearing station storing key encryption identification information for the second client station. Means are provided for communicatively coupling each of the stations to the network. To transfer the plaindata, means associated with the first client station requests the second client station key encryption identification information from the clearing station via the network. Means responsive to the first client station request transfers the second client station key encryption identification information from the clearing station to the first client station via the network. Means associated with the first client station encrypts the plaindata to form cipherdata utilizing the second client station key encryption identification information. Means then transfers the cipherdata from the first client station to the second client station via the network. Means transfers transmit confirmation information from the first client station to the clearing station. The transmit confirmation information indicates to the clearing station that the first client station transmitted the cipherdata to the second client station. Means associated with the second client station decrypts the received cipherdata, and means transfers acknowledgement information from the second client station to each of the first client station and the clearing station. The acknowledgement information confirms to the first client station and the clearing station that the second client station received the message.

It is comprehended that the clearing station stores key encryption identification information for the first client station and that the system includes means associated with the second client station for requesting the first client station public key encryption identification information from the clearing station and means responsive to the request for transferring the first client station public key encryption identification information to the second client station.

It is further comprehended that the transmit confirmation information comprises a message number uniquely relating to the plaindata. Alternatively, the transmit confirmation information comprises a digest of the plaindata. Still alternatively, the transmit confirmation information comprises the entire plaindata.

It is still further comprehended that the clearing station includes means for providing an audit report of messages sent from the first client station to the second client station.

It is yet further comprehended that the system includes encryption key management, including means for updating encryption identification information.

Other features and advantages of the invention will be apparent from the following specification taken in conjunction with the following drawing.
Brief Description of Drawings

Figure 1 is a block diagram of a first embodiment of the present invention;

Figure 2 is a block diagram of an expanded embodiment of the present invention; and

Figure 3 is a block diagram of a still further expanded embodiment of the present invention.
Detailed Description

While this invention is susceptible of embodiments in many different forms, there is shown in the drawings and will herein be described in detail preferred embodiments of the invention, with the understanding that the present disclosure is to be considered as an exemplification of the principles of the invention and is not intended to limit the broad aspects of the invention to the embodiments illustrated.

A system, generally designated 10, for securely transferring plaindata from a first location 12 to a second location 14 is disclosed in Figure 1. As used herein, the term "plaindata" means data in its state prior to encryption. Typically plaindata is unencrypted, although it is conceivable that encrypted data could be subject to further encryption, and thus such encrypted data would be plaindata. The plaindata is first encapsulated, using a conventional MIME header and trailer. The encapsulated plaindata is then transferred via a data transport network, such as a TCP/IP (Transport Control Protocol/Internet Protocol) network, referred to herein as internet 16. The network may be SMTP (Simple Mail Transport Protocol, or conventional e-mail). Alternatively, the plaindata can be transferred via HTTP (Hypertext Transport Protocol), FTP (File Transfer Protocol), direct IP socket connections, or the like.

The system comprises a first client station 18 at the first location and a second client station 20 at the second location. The first client station 18 and the second client station 20 are anticipated to be conventional personal computers, or PC's, having respective modems (not specifically shown) connected to a conventional telephone network. The connection to the telephone network may be direct, or over a network such as a local area network.

The system 10 further includes a clearing station 24. The clearing station 24 can also be a conventional PC having a modem connecting the clearing station 24 via a telephone network to the internet 16.

As is well known, there are two conventional models of data encryption, symmetric and asymmetric.

According to symmetric data encryption, a single digital number, or key, is used both to encrypt and decrypt plaindata.

According to asymmetric data encryption, two related digital numbers are used. The first number is commonly referred to as a public key and the second number is commonly referred to as a private key. An entity maintains its private key private, as the name suggests, and makes its public key known to those needing it. If the first entity is to send plaindata to a second entity, the first entity encrypts the plaindata into cipherdata using the second entity's public key. The second entity then decrypts the received cipherdata into plaindata using its own private key. Thus once plaindata is encrypted with the second entity's public key, only the holder of the second entity's private key can decrypt the cipherdata. A more complete discussion of data encryption schemes can be found in Computer Communications Security, by Warwick Ford, Prentice-Hall, 1994. Another reference is Cryptography [title partly illegible in the source], by Bruce Schneier, published by Counterpane Systems, Oak Park, IL.

The clearing station 24 stores key encryption identification information for the second client station. The key encryption identification information would be the second client station's only key, if symmetric encoding was being utilized, or the key encryption identification information would be the second client station's public key, if asymmetric encoding was being utilized. As noted above, each of the stations 18, 20, 24 is communicatively coupled to the internet 16.

The following is a discussion describing how plaindata is transferred from the first client station 18 to the second client station 20. Software operable by the first client station 18 causes the first client station 18 to contact the clearing station 24 via the internet 16 and request the second client station key encryption identification information from the clearing station 24. The clearing station 24 automatically responds to the first client station request and transfers the second client station key encryption identification information from the clearing station 24 to the first client station 18 via the internet 16.

The first client station 18 then encrypts the plaindata to be sent to the second client station 20 to form cipherdata. This encryption utilizes the second client station key encryption identification information. Once encrypted, the first client station 18 then automatically transfers the cipherdata from the first client station 18 to the second client station 20 via the internet 16. In addition, the first client station 18 automatically transfers transmit confirmation information from the first client station 18 to the clearing station 24. The transmit confirmation information indicates to the clearing station 24 that the first client station 18 transmitted the cipherdata to the second client station 20.

After the second client station 20 receives the cipherdata from the first client station 18, the second client station utilizes conventional software to decrypt the received cipherdata. In addition, the second client station 20 automatically transfers acknowledgement information from the second client station 20 to each of the first client station 18 and the clearing station 24. The acknowledgement information confirms to the first client station 18 and the clearing station 24 that the second client station 20 received the plaindata. This provides for bilateral non-repudiation of the message.

In the preferred embodiment, the clearing station 24 stores key encryption identification information for the first client station 18. Accordingly, the second client station 20 would automatically request the first client station key encryption identification information from the clearing station 24, and the clearing station 24 would respond to the request and transfer the first client station key encryption identification information to the second client station 20. The second client station 20 would use the first client station key encryption identification information to decrypt the message digest of the cipherdata from the first client station 18. The first client station key encryption identification information is also used by the second client station 20 to encrypt any plaindata the second client station 20 would send in response to the first client station 18.

The transmit confirmation information may comprise a message number uniquely relating to the plaindata. Alternatively, the transmit confirmation information may comprise a digest of the plaindata. Still alternatively, the transmit confirmation information may comprise the entire plaindata.

Over the course of time, the confidentiality of a key may be questioned, and thus the holder of the key may desire the number to be changed. Accordingly, the key identification information stored at the clearing station 24, and hence provided to the client stations, can be updated. Additionally, the key identification information stored at the clearing station 24, and hence provided to the client stations, can be automatically updated on a periodic basis.

In addition, a transaction between parties may be challenged. Accordingly, the clearing station 24 provides an audit report of messages sent from the first client station 18 to the second client station 20.
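The exchange described in the preceding paragraphs, as an added illustration that is not code from the patent: a clearing station holding each station's key, the sender requesting the recipient's key, encrypting, sending the cipherdata and a digest-form transmit confirmation, and the recipient acknowledging to both sender and clearing station, whose audit report then pairs the two records. The symmetric model the description allows is used; the cipher is a toy HMAC keystream standing in for a real one, and the station names, the digest as confirmation form and the sample invoice text are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def toy_encrypt(key: bytes, plaindata: bytes) -> bytes:
    """Stand-in cipher (not for real use): keystream = HMAC-SHA256(key, nonce || block index)."""
    nonce = os.urandom(16)
    out = bytearray()
    for i in range(0, len(plaindata), 32):
        ks = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(plaindata[i:i + 32], ks))
    return nonce + bytes(out)


def toy_decrypt(key: bytes, cipherdata: bytes) -> bytes:
    nonce, body = cipherdata[:16], cipherdata[16:]
    out = bytearray()
    for i in range(0, len(body), 32):
        ks = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(body[i:i + 32], ks))
    return bytes(out)


def digest(plaindata: bytes) -> str:
    """The 'digest of the plaindata' form of transmit confirmation (claim 4)."""
    return hashlib.sha256(plaindata).hexdigest()


@dataclass
class ClearingStation:
    keys: dict = field(default_factory=dict)   # station name -> key encryption identification information
    audit: list = field(default_factory=list)  # (event, from, to, digest) records

    def register(self, name: str, key: bytes) -> None:
        self.keys[name] = key

    def key_for(self, name: str) -> bytes:
        return self.keys[name]                 # KeyError for an unregistered station

    def record(self, event: str, src: str, dst: str, d: str) -> None:
        self.audit.append((event, src, dst, d))

    def audit_report(self, sender: str, receiver: str) -> dict:
        """Pair each transmit confirmation with the receiver's acknowledgement of the same digest."""
        sent = {d for e, s, r, d in self.audit if e == "transmit" and (s, r) == (sender, receiver)}
        acked = {d for e, s, r, d in self.audit if e == "ack" and (s, r) == (receiver, sender)}
        return {"confirmed": sorted(sent & acked), "unacknowledged": sorted(sent - acked)}


@dataclass
class ClientStation:
    name: str
    key: bytes
    clearing: ClearingStation
    inbox: list = field(default_factory=list)
    acks: list = field(default_factory=list)   # (acknowledging station, digest)

    def send(self, peer: "ClientStation", plaindata: bytes) -> None:
        peer_key = self.clearing.key_for(peer.name)   # 1. request peer's key from the clearing station
        cipherdata = toy_encrypt(peer_key, plaindata)  # 2. encrypt the plaindata with it
        self.clearing.record("transmit", self.name, peer.name, digest(plaindata))  # 3. transmit confirmation
        peer.receive(self, cipherdata)                 # 4. cipherdata to the peer

    def receive(self, sender: "ClientStation", cipherdata: bytes) -> None:
        plaindata = toy_decrypt(self.key, cipherdata)  # 5. decrypt with own key
        self.inbox.append(plaindata)
        d = digest(plaindata)                          # 6. acknowledge to sender and clearing station
        sender.acks.append((self.name, d))
        self.clearing.record("ack", self.name, sender.name, d)


def run_exchange(plaindata: bytes = b"INVOICE 1234: 10 widgets @ 2.50") -> dict:
    """Constructed sample run: station A sends one message to station B."""
    clearing = ClearingStation()
    a = ClientStation("A", os.urandom(32), clearing)
    b = ClientStation("B", os.urandom(32), clearing)
    clearing.register("A", a.key)
    clearing.register("B", b.key)
    a.send(b, plaindata)
    return {"received": b.inbox, "acks": a.acks, "report": clearing.audit_report("A", "B")}
```

In the symmetric variant the clearing station hands the recipient's only key to any requester, so confidentiality against other clients rests entirely on the clearing station's access control; the asymmetric variant the description also covers, where only the public key is handed out, avoids that.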

The above discussion related to data transfer from the first client station 18 to the second client station 20. It is intended that similar data transfer may be made from the second client station 20 to the first client station 18. Still further, similar data transfer may be made between an EDI system 30 coupled to the internet 16 via a private network gateway 31 and a private value added network 32 (such as CompuServe) and either of the first client station 18 and/or the second client station 20.

As is well known, a digital certificate can be used with asymmetric encryption to authenticate both that the identified sender is in fact the true sender and that the message was not altered. Accordingly, the sender utilizes a "hashing algorithm" (typically either MD-3 or MD-5 protocols) to transform plaindata to be sent into a "message digest." The "message digest" is then encrypted by the sender using the sender's private key. The encrypted message digest is called the digital certificate, and is attached to the encrypted message and sent to the receiver. The receiver uses the receiver's private key to decrypt the encrypted message. The receiver also uses the sender's public key to decrypt the encrypted message digest, and then uses the hashing function to reform the decrypted message digest to the original message. If the message as reformed from the message digest is the same as the decrypted message as sent, then one knows that the true sender sent the message.

In accordance with the invention, a certificate authority 34, such as Verisign, Inc., of Mountain View, California, creates and manages digital certificates and signatures. The particulars of a certificate authority are discussed by Ford, referenced above.

An expanded version of the invention is illustrated in Figure 2. According to this version, first and second clearing stations 24, 24', and their respective first, second, third and fourth client stations 18, 20, 18', 20' are interconnected by an internet connection between the respective clearing stations 24, 24'. According to this version, if the first client station 18 of the first clearing station 24 desires to transfer plaindata to the fourth client station 20' of the second clearing station 24', the first client station 18 requests the key identification information of the fourth client station 20' via the first and second clearing stations 24, 24'. Thus both clearing stations are required to get the key identification information to the first client station 18. Once the first client station has the key identification information, the plaindata is transferred as discussed above, utilizing the first clearing station for verification.

A still further expanded version of the invention is illustrated in Figure 3. According to this version, first and second clearing stations 24, 24', and their respective first, second, third and fourth client stations 18, 20, 18', 20' are interconnected by a commerce broker 36 between the respective clearing stations 24, 24'. The commerce broker 36 is utilized when a direct connection between clearing stations is not desired, such as when a bank's computer and a bulletin board service are each "clearing stations", and the bank does not want a direct connection with the bulletin board service. Accordingly, a mutually trusted entity is selected to act as the commerce broker 36.

The system 10 operates in conjunction with conventional Windows® based software products, such as accounting systems, spreadsheets, word processing, inventory control, e-mail, or the like, using Windows® API (application program interface). It will be understood that the invention may be embodied in other specific forms without departing from the spirit or central characteristics thereof. The present examples and embodiments, therefore, are to be considered in all respects as illustrative and not restrictive, and the invention is not to be limited to the details given herein.
CLAIMS

1. A system for securely transferring plaindata from a first location to a second location via a data transport network, the system comprising:

a first client station at said first location;

a second client station at said second location;

a clearing station storing key encryption identification information for said second client station;

means for communicatively coupling each of said stations to said network;

means associated with said first client station for requesting said second client station key encryption identification information from said clearing station via said network;

means responsive to said first client station request for transferring said second client station key encryption identification information from said clearing station to said first client station via said network;

means associated with said first client station for encrypting said plaindata to form cipherdata utilizing said second client station key encryption identification information;

means for transferring said cipherdata from said first client station to said second client station via said network;

means for transferring transmit confirmation information from said first client station to said clearing station, said transmit confirmation information indicating to said clearing station that said first client station transmitted said cipherdata to said second client station;

means associated with said second client station for decrypting said received cipherdata; and

means for transferring acknowledgement information from said second client station to each of said first client station and said clearing station, said acknowledgement information confirming to said first client station and said clearing station that said second client station received said plaindata.
2. The system of claim 1 wherein said clearing station stores key encryption identification information for said first client station and said system includes means associated with said second client station for requesting said first client station public key encryption identification information from said clearing station and means responsive to said request for transferring said first client station public key encryption identification information to said second client station.

3. The system of claim 1 wherein said transmit confirmation information comprises a message number uniquely relating to said plaindata.

4. The system of claim 1 wherein said transmit confirmation information comprises a digest of said plaindata.

5. The system of claim 1 wherein said transmit confirmation information comprises the entire plaindata.

6. The system of claim 1 wherein said clearing station includes means for providing an audit report of plaindata sent from said first client station to said second client station.

7. The system of claim 1 including means for updating encryption identification information.



WO 98/13970 PCT/US97/17420
8. A system for securely transferring plaindata from a first location to a second location via an SMTP capable transport over a TCP/IP network, the system comprising:

a first client station at said first location;

a second client station at said second location;

a clearing station storing key encryption identification information for said second client station;

means for communicatively coupling each of said stations to said network;

means associated with said first client station for requesting said second client station key encryption identification information from said clearing station via said network;

means responsive to said first client station request for transferring said second client station key encryption identification information from said clearing station to said first client station via said network;

means associated with said first client station for encrypting said plaindata to form cipherdata utilizing said second client station key encryption identification information;

means for transferring said cipherdata from said first client station to said second client station via said network;

means for transferring transmit confirmation information from said first client station to said clearing station, said transmit confirmation information indicating to said clearing station that said first client station transmitted said cipherdata to said second client station;

means associated with said second client station for decrypting said received cipherdata; and

means for transferring acknowledgement information from said second client station to each of said first client station and said clearing station, said acknowledgement information confirming to said first client station and said clearing station that said second client station received said plaindata.
9. The system of claim 8 wherein said clearing station stores key encryption identification information for said first client station and said system includes means associated with said second client station for requesting said first client station public key encryption identification information from said clearing station and means responsive to said request for transferring said first client station public key encryption identification information to said second client station.

10. The system of claim 8 wherein said transmit confirmation information comprises a message number uniquely relating to said plaindata.

11. The system of claim 8 wherein said transmit confirmation information comprises a digest of said plaindata.

12. The system of claim 8 wherein said transmit confirmation information comprises the entire plaindata.

13. The system of claim 8 wherein said clearing station includes means for providing an audit report of plaindata sent from said first client station to said second client station.

14. The system of claim 8 including means for updating encryption identification information.
15. A system for securely transferring plaindata from a first location to a second location via an SMTP capable transport over a TCP/IP network, the system comprising:

a first client station at said first location;

a second client station at said second location, said second client station for storing private key encryption identification information for said second client station;

a clearing station for storing public key encryption identification information for said second client station, said public key encryption identification information corresponding to said private key encryption identification information;

means for communicatively coupling each of said stations to said network;

means associated with said first client station for requesting said second client station public key encryption identification information from said clearing station via said network;

means responsive to said first client station request for transferring said second client station public key encryption identification information from said clearing station to said first client station via said network;

means associated with said first client station for encrypting said plaindata to form cipherdata utilizing said second client station public key encryption identification information;

means for transferring said cipherdata from said first client station to said second client station via said network;

means for transferring transmit confirmation information from said first client station to said clearing station, said transmit confirmation information indicating to said clearing station that said first client station transmitted said cipherdata to said second client station;

means associated with said second client station for utilizing said second client station private key for decrypting said received cipherdata; and

means for transferring acknowledgement information from said second client station to each of said first client station and said clearing station, said acknowledgement information confirming to said first client station and said clearing station that said second client station received said plaindata.